In a hotel meeting room in Manhattan, Kiril Tsemekhman stood before a projected display of the screen of an active PC in Brooklyn. Kiril and coworkers at Integral Ad Science had purposely infected this machine with a virus that would attract the botnets, the mafia families of computer fraud, as he characterized them. The same Brooklyn PC screen was displayed, blank, on a nearby laptop. But the screen forming Tsemekhman’s backdrop, specially coded through Wireshark , was firing page after page of URLs—retail sites, sports sites, cooking sites in a steady stream, creating a false profile of a non-existent person who would be served “relevant” ads via automated ad buying programs.
The guy from Brooklyn who owns the computer will never see the ads served to any of his alter-PC-egos, but the marketers whose ads got served will still pay for them. Fifteen minutes after the Brooklyn PC had engaged a browser, an ad blocker showed that 974 ads had been served on it. “At any given time, the average botnet has access to about a hundred thousand PCs, and we’ve just seen they can serve each one 4,000 ads an hour,” said Tsemekhman, Integral’s chief data officer. “And the ads are invisible.”
Integral had called a summit to share what it’s learned about online fraud over years of selling ad viewability and safety services to the marketing industry. It had long approached the problem from a stealth positioning, noted Integral CEO Scott Knoll, but the time had come to go public with the severity of the problem. Here are some statistics the company compiled from its extensive client dealings:
- Bots run rampant. Some 20% of impressions from networks, 25% from exchanges, 30% from bid requests, and 40% from in-banner videos are fraudulent. Overall, Integral estimates, some 15% of ads served are phony. As long as a computer’s turned on, fake ads will be served. “It’s a giant epidemic,” said David Hahn, Integral’s SVP of product management and customer service at Integral Ad Science.
- Under the radar. Botnets work while the nation sleeps. They’ll slam the U.S. with phony ads for three solid hours starting a 2a.m. or 3 a.m., then flitter away before they’re detected. They’re smart, employing networks of young, tech-savvy hackers in Asia and Eastern Europe. Because they prey mostly on Americans, they’re essentially impervious to actions by law enforcement.
- Easy marks. The typical marks of the botnets are clueless. They are technologically challenged, suburban and rural denizens with dated computers and software. Throwing away old bags of Chips Ahoy is their idea of cleaning out cookies.
- Help from victims. Integral execs say it is common knowledge in the ad industry that players on both the sell side and the advertiser are in denial about the problem, or are conveniently “unaware.” Aggregators either knowingly or unknowingly sell bot traffic and pretend the problem doesn’t exist, and some marketers turn their heads because 30% of ads being served to non-humans makes analyzing their campaigns difficult. Plus, cheap CPMs can make their bosses think they’re masters at efficient programmatic buying.
Some networks have created blacklists of botnets hoping to reactively deny supply to the bad guys, but they just reappear with new sites and new names. And anyway the lists aren’t frequently updated.
What to do? Now, the Integral folks don’t invite members of the press to fancy breakfasts in hip hotels just because they like our company. They sell tracking services, and their take is that only detecting and preventing of ads serving at the impression level can put the bots out of business.
“The imminent risks are great,” Hahn said. “Programmatic buying is here to stay.”